Received invalid SSL certificate: unable to get certificate CRL

Markus Winkler ml at irmawi.de
Tue Jan 25 20:19:14 UTC 2022


Hi Laura,

On 25.01.22 11:48, Laura Smith wrote:
> Thanks for your suggestion, I have a couple of questions about it though. > First, my understanding from the docs was that ssl_client_ca_* were 
override parameters and that in the absence of the parameters, Dovecot 
would default to using OpenSSL defaults ? (And building on that, as per my 
manual tests, you can see OpenSSL returns an "OK" on the validation).

To be honest: I dont have a setup like yours to test it. I just remembered 
a mail from Aki in which he mentioned this part of the documentation and so 
I thought that

ssl_ca = </etc/ssl/certs/ca-certificates.crt

is worth a try.

> Second, I'm dealing with standard Let's Encrypt certs here, no private PKI certs here.

Yes, I know. And it seems, that all is fine with them.

Regards,
Markus


More information about the dovecot mailing list